import { CanActivate, ExecutionContext, Inject, Injectable, UnauthorizedException } from '@nestjs/common';
import { Reflector } from '@nestjs/core';
import { Request } from 'express';

@Injectable()
export class PermissionGuard implements CanActivate {

  @Inject(Reflector)
  private reflector: Reflector;

  async canActivate(
    context: ExecutionContext,
  ): Promise<boolean> {
    const request: Request = context.switchToHttp().getRequest();

    if(!request.user) { return true; }

    const permissions = request.user.permissions;

    const requiredPermissions = this.reflector.getAllAndOverride<string[]>('permission', [
      context.getClass(),
      context.getHandler()
    ])
    
    if(!requiredPermissions) { return true; }
    
    for(let i = 0; i < requiredPermissions.length; i++) {
      const key = requiredPermissions[i];
      if(!permissions[key]) { throw new UnauthorizedException('您没有访问该接口的权限'); }
    }

    return true;
  }
}
